Comarch ERP Optima Hard-Coded Database Credentials Vulnerability Allowing Elevated Privileges

Vulnerability

Comarch ERP Optima client versions prior to 2026.4 use a hard-coded password for a database user. Because these credentials cannot be changed, remote attackers can use them to access the database with elevated privileges, including the ability to execute system commands on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized database access with elevated privileges, allowing for the execution of system commands on the server.

Remediation

Users can upgrade to Comarch ERP Optima version 2026.4 or later to address this vulnerability.

Added: May 14, 2026, 11:25 AM
Updated: May 14, 2026, 11:25 AM

Vulnerability Rating

Custom Algorithm
Spread: 0.0
Impact: 10.0
Exploitability: 7.4
Remediation: 0.0
Relevance: 8.3
Threat: 0.0
Urgency: 2.9
Incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.